Analysis Overview
SHA256
a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
Threat Level: Known bad
The file 123.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
Loads dropped Dex/Jar
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-02-22 19:36
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-22 19:36
Reported
2023-02-22 19:37
Platform
android-x64-20220823-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-02-22 19:36
Reported
2023-02-22 19:37
Platform
android-x64-arm64-20220823-en
Max time kernel
2057377s
Max time network
15s
Command Line
Signatures
Processes
ru.yandex.taxi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
Files
/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile
/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum
/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml
/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
Analysis: behavioral3
Detonation Overview
Submitted
2023-02-22 19:36
Reported
2023-02-22 19:37
Platform
android-x86-arm-20220823-en
Max time kernel
2053779s
Max time network
15s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
ru.yandex.taxi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
Files
/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum
memory/4082-0.dex
/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile
/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml